src/Controller/v1/User/UserRolesController.php
<?php
declare(strict_types = 1);
/**
* /src/Controller/v1/User/UserRolesController.php
*
* @author TLe, Tarmo Leppänen <tarmo.leppanen@pinja.com>
*/
namespace App\Controller\v1\User;
use App\Entity\User;
use App\Security\RolesService;
use OpenApi\Attributes as OA;
use OpenApi\Attributes\JsonContent;
use OpenApi\Attributes\Property;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Attribute\AsController;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Routing\Requirement\Requirement;
use Symfony\Component\Security\Http\Attribute\IsGranted;
/**
* @package App\Controller\v1\User
* @author TLe, Tarmo Leppänen <tarmo.leppanen@pinja.com>
*/
#[AsController]
class UserRolesController
{
public function __construct(
private readonly RolesService $rolesService,
) {
}
/**
* Endpoint action to fetch specified user roles.
*/
#[Route(
path: '/v1/user/{user}/roles',
requirements: [
'user' => Requirement::UUID_V1,
],
methods: [Request::METHOD_GET],
)]
#[IsGranted(new Expression('is_granted("IS_USER_HIMSELF", object) or "ROLE_ROOT" in role_names'), 'user')]
#[OA\Tag(name: 'User Management')]
#[OA\Parameter(
name: 'Authorization',
description: 'Authorization header',
in: 'header',
required: true,
example: 'Bearer {token}',
allowReserved: true,
)]
#[OA\Response(
response: 200,
description: 'Specified user roles',
content: new JsonContent(
type: 'array',
items: new OA\Items(type: 'string', example: 'ROLE_USER'),
example: ['ROLE_USER', 'ROLE_LOGGED'],
),
)]
#[OA\Response(
response: 401,
description: 'Invalid token',
content: new JsonContent(
properties: [
new Property(property: 'code', type: 'integer'),
new Property(property: 'message', type: 'string'),
],
type: 'object',
example: [
'Token not found' => "{code: 401, message: 'JWT Token not found'}",
'Expired token' => "{code: 401, message: 'Expired JWT Token'}",
],
),
)]
#[OA\Response(
response: 403,
description: 'Access denied',
content: new JsonContent(
properties: [
new Property(property: 'code', type: 'integer'),
new Property(property: 'message', type: 'string'),
],
type: 'object',
example: [
'Access denied' => "{code: 403, message: 'Access denied'}",
],
),
)]
public function __invoke(User $user): JsonResponse
{
return new JsonResponse($this->rolesService->getInheritedRoles($user->getRoles()));
}
}